GDPR Compliance

Last updated: May 11, 2026

1. Introduction

This page outlines how lumine-dream complies with the General Data Protection Regulation (GDPR) for individuals in the European Union and European Economic Area. While we are based in Australia, we respect and uphold GDPR principles for all our users.

2. Legal Basis for Processing

We process your personal data under the following legal bases:

  • Consent: When you voluntarily provide information through forms or communications
  • Contractual Necessity: When processing is necessary to fulfill our services
  • Legitimate Interests: For business operations, fraud prevention, and service improvement
  • Legal Obligation: When required to comply with applicable laws

3. Your GDPR Rights

Under GDPR, you have the following rights:

3.1 Right to Access

You have the right to request confirmation of whether we process your personal data and to obtain a copy of that data.

3.2 Right to Rectification

You can request correction of inaccurate or incomplete personal data we hold about you.

3.3 Right to Erasure (Right to be Forgotten)

You can request deletion of your personal data under certain circumstances, such as when:

  • The data is no longer necessary for the purposes collected
  • You withdraw consent and there is no other legal basis for processing
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed

3.4 Right to Restrict Processing

You can request restriction of processing your personal data in certain situations, such as when you contest the accuracy of the data.

3.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

3.6 Right to Object

You can object to processing of your personal data based on legitimate interests or for direct marketing purposes.

3.7 Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects.

4. Data Controller Information

Data Controller: lumine-dream
Address: Level 14, 383 Kent Street, Sydney NSW 2000, Australia
Email: [email protected]

5. Data Protection Officer

For GDPR-related inquiries, you may contact our data protection team at [email protected].

6. Data Collection and Use

We collect and process personal data only for specified, explicit, and legitimate purposes. The data we collect includes:

  • Contact information (name, email, company)
  • Communication records
  • Technical data (IP address, browser type, device information)
  • Usage data and analytics

7. Data Sharing and Transfers

We do not sell your personal data. We may share data with:

  • Service providers who assist in our operations
  • Legal authorities when required by law

When transferring data outside the EU/EEA, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions by the European Commission
  • Other approved transfer mechanisms

8. Data Retention

We retain personal data only as long as necessary for the purposes for which it was collected or as required by law. Retention periods vary based on:

  • The nature of the data
  • The purpose of processing
  • Legal or regulatory requirements

9. Data Security

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of data in transit and at rest
  • Access controls and authentication
  • Regular security assessments
  • Staff training on data protection

10. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and relevant supervisory authorities within 72 hours as required by GDPR.

11. Cookies and Tracking

We use cookies and similar technologies. You can manage your cookie preferences through our cookie banner or browser settings. For more details, see our Cookies Policy.

12. Children's Data

We do not knowingly collect or process personal data from individuals under 16 years of age without parental consent.

13. Exercising Your Rights

To exercise any of your GDPR rights, please contact us at:

Email: [email protected]
Subject Line: GDPR Rights Request

We will respond to your request within one month. In complex cases, we may extend this period by two additional months and will inform you accordingly.

14. Right to Lodge a Complaint

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with a supervisory authority in your EU member state.

15. Updates to This Policy

We may update this GDPR policy to reflect changes in our practices or legal requirements. We will notify you of any material changes.

16. Contact Information

For any questions about our GDPR compliance or data protection practices:

Email: [email protected]
Address: Level 14, 383 Kent Street, Sydney NSW 2000, Australia